Heartbleed vulnerability means resetting these passwords is a good idea

It’s been a few days since the Heartbleed vulnerability bomb was dropped on the Internet, and the aftershocks are still being felt. The good news is that many of the sites you’re browsing have already been patched or were never vulnerable.

Which companies answered the bell and have plugged the Heartbleed hole? Here’s a quick list of the big names:

Google (including Gmail)

Yahoo! (including Yahoo! Mail)

Instgram

Pinterest

Minecraft

Dropbox

Tumblr

Etsy

GoDaddy

OK Cupid

Box.Net

GitHub

Since these sites have been patched, you should change your password immediately on any of them that you use. Heartbleed had been floating around undiscovered for two years. Even if you just changed a password on one of these sites a week ago, you need to update it again now that Heartbleed eavesdropping is no longer possible.

So whose servers weren’t affected?

Facebook

Microsoft

Amazon

eBay

Paypal

Hotmail/Outlook.com

AOL

Apple

Twitter

Every bank everywhere

In general, every bank that issued a statement on Heartbleed said that their services didn’t use OpenSSL, that they used an older, unaffected version, or that they offered multi-layered security that mitigated the risk. That sounds reassuring, but that’s what banks do when something like this happens. Bottom line: it’s still a good idea to change your online banking passwords.

The ultimate irony in the Heartbleed saga? That Target servers were unaffected by the bug. That’s certainly a relief. I’d hate to think that someone was stealing data from the cybercriminals who breached Target’s systems while it was flowing back into their evil lair.